Remove existing files before overwriting them Archive should extract only the latest same-named entry. Extracted regular file should not be writtent into existing block device (or any other one).
https://rt.cpan.org/Ticket/Display.html?id=125523 Affects perl <= 5.26.2 Signed-off-by: Jagadeesh Krishnanjanappa <jkrishnanjana...@mvista.com> --- .../perl/perl/CVE-2018-12015.patch | 48 ++++++++++++++++++++++ meta/recipes-devtools/perl/perl_5.24.1.bb | 1 + 2 files changed, 49 insertions(+) create mode 100644 meta/recipes-devtools/perl/perl/CVE-2018-12015.patch diff --git a/meta/recipes-devtools/perl/perl/CVE-2018-12015.patch b/meta/recipes-devtools/perl/perl/CVE-2018-12015.patch new file mode 100644 index 0000000..a2b0109 --- /dev/null +++ b/meta/recipes-devtools/perl/perl/CVE-2018-12015.patch @@ -0,0 +1,48 @@ +From ae65651eab053fc6dc4590dbb863a268215c1fc5 Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Petr=20P=C3=ADsa=C5=99?= <ppi...@redhat.com> +Date: Fri, 8 Jun 2018 11:45:40 +0100 +Subject: [PATCH] [PATCH] Remove existing files before overwriting them + +Archive should extract only the latest same-named entry. +Extracted regular file should not be writtent into existing block +device (or any other one). + +https://rt.cpan.org/Ticket/Display.html?id=125523 + +CVE: CVE-2018-12015 +Upstream-Status: Backport [https://github.com/jib/archive-tar-new/commit/ae65651eab053fc6dc4590dbb863a268215c1fc5] + +Signed-off-by: Chris 'BinGOs' Williams <ch...@bingosnet.co.uk> +Signed-off-by: Jagadeesh Krishnanjanappa <jkrishnanjana...@mvista.com> +--- + lib/Archive/Tar.pm | 14 ++++++++++++++ + 1 file changed, 14 insertions(+) + +diff --git a/cpan/Archive-Tar/lib/Archive/Tar.pm b/cpan/Archive-Tar/lib/Archive/Tar.pm +index 6244369..a83975f 100644 +--- a/cpan/Archive-Tar/lib/Archive/Tar.pm ++++ b/cpan/Archive-Tar/lib/Archive/Tar.pm +@@ -845,6 +845,20 @@ sub _extract_file { + return; + } + ++ ### If a file system already contains a block device with the same name as ++ ### the being extracted regular file, we would write the file's content ++ ### to the block device. So remove the existing file (block device) now. ++ ### If an archive contains multiple same-named entries, the last one ++ ### should replace the previous ones. So remove the old file now. ++ ### If the old entry is a symlink to a file outside of the CWD, the new ++ ### entry would create a file there. This is CVE-2018-12015 ++ ### <https://rt.cpan.org/Ticket/Display.html?id=125523>. ++ if (-l $full || -e _) { ++ if (!unlink $full) { ++ $self->_error( qq[Could not remove old file '$full': $!] ); ++ return; ++ } ++ } + if( length $entry->type && $entry->is_file ) { + my $fh = IO::File->new; + $fh->open( $full, '>' ) or ( +-- +2.13.3 + diff --git a/meta/recipes-devtools/perl/perl_5.24.1.bb b/meta/recipes-devtools/perl/perl_5.24.1.bb index aec30c8..8dfe34a 100644 --- a/meta/recipes-devtools/perl/perl_5.24.1.bb +++ b/meta/recipes-devtools/perl/perl_5.24.1.bb @@ -72,6 +72,7 @@ SRC_URI += " \ file://CVE-2018-6798-2.patch \ file://CVE-2018-6797.patch \ file://CVE-2018-6913.patch \ + file://CVE-2018-12015.patch \ " # Fix test case issues -- 2.7.4 -- _______________________________________________ Openembedded-core mailing list Openembedded-core@lists.openembedded.org http://lists.openembedded.org/mailman/listinfo/openembedded-core